what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-06-04

gpEasy CMS 4.0 Shell Upload
Posted Jun 4, 2013
Authored by CWH Underground

gpEasy CMS version 4.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e6a962ae8b8f243dd6d721a24a57df334654b638a0b15f05c7375f21e7d1860b
VxWorks R5_0_31 Data Disclosure
Posted Jun 4, 2013
Authored by Russell Butturini

The 3Com NBX V3000 phone system firmware was found to have the VxWorks remote debug service enabled. This allows for remotely extracting the contents of device memory over the network. When parsing the contents of memory, it was discovered that the call logs for the system as well as URLs which linked to WAV files containing voice mails that were accessible.

tags | exploit, remote, info disclosure
SHA-256 | 83f9bcf13390d5de35a662b882d55f84b95389bbc98e486345a8b9bca583fb12
Libsrtp srtp_protect/hmac_compute Buffer Overflow
Posted Jun 4, 2013
Authored by Fernando Russ | Site groundworkstech.com

There is a buffer overflow in libsrtp based on how the function crypto_policy_set_from_profile_for_rtp applies the cryptographic profiles srtp_profile_aes128_cm_sha1_32/srtp_profile_aes256_cm_sha1_32 to a srtp_policy, as shown by the source code of srtp/srtp.c.

tags | advisory, overflow
SHA-256 | 112bf3ad2eda5bcd6a0c1e1ed5ede49353a25cf04adb02ff4b6303ee26c6fef2
Monkey 1.2.0 Buffer Overflow
Posted Jun 4, 2013
Authored by dougtko

Monkey HTTPD version 1.2.0 suffers from a buffer overflow vulnerability that may result in arbitrary code execution or denial of service.

tags | exploit, denial of service, overflow, arbitrary, code execution
advisories | CVE-2013-3843
SHA-256 | e95d7c4461031fea05dff249b83585cd183eb5646afab885f06d666b7e6c2ecb
Cuppa CMS Remote / Local File Inclusion
Posted Jun 4, 2013
Authored by CWH Underground

Cuppa CMS suffers from remote and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 1a69a262547b1fde2db132b721a60013a5cd8b3c578bd74d70a96f541610f65b
CMS Gratis Indonesia PHP Code Injection
Posted Jun 4, 2013
Authored by CWH Underground

CMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | d5d9e10e13a2a21562a07f38c21d1f17883de814411cf199efd4e1cc59e891c6
aCMS 1.0 Shell Upload / Insufficient Authorization
Posted Jun 4, 2013
Authored by MustLive

aCMS version 1.0 suffers from authentication bypass and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
SHA-256 | 875ffc473c15baa5846810a8e8bb150911ceee8efcf610bea5bbed80667ad678
Dotclear 2.5 Cross Site Scripting
Posted Jun 4, 2013
Authored by Nikhalesh Singh Bhadoria

Dotclear version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e963b235c2473ba1856c41c979ed4bdb77a01b126752a9d002ff7ec49969440a
Cisco Iframe Injection
Posted Jun 4, 2013
Authored by Vinesh Redkar

The newsroom.cisco.com site suffers from an iframe injection vulnerability.

tags | exploit
systems | cisco
SHA-256 | 7c7404d303323b25bef0361335de4f0a9addc36ab366f74f8c9064bbbeac0378
SweetRice CMS 1.2.5 Cross Site Scripting
Posted Jun 4, 2013
Authored by Nikhalesh Singh Bhadoria

SweetRice CMS version 1.2.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 156065d49f5041b39e8c0bd9573b39af9555b001376a5433c9fd44f984ccde60
Generating Stable Privacy-Enhanced Addresses With IPv6
Posted Jun 4, 2013
Authored by Fernando Gont | Site ietf.org

This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware address (e.g., using IEEE identifiers), such that the benefits of stable addresses can be achieved without sacrificing the privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique- local addresses.

Changes: Revision 9 of this document.
tags | paper, local
SHA-256 | aea1ddd79e402a7e6cae6940341f56386d8efe61f639f9142e54a9dda4b93d71
Pixelpost 1.7.3 Cross Site Scripting
Posted Jun 4, 2013
Authored by Nikhalesh Singh Bhadoria

Pixelpost version 1.7.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b12ac8118bf09ea057609691a156e98a4c44163bd47842ab4492b16bad0c61bb
PEStudio 3.69 Denial Of Service
Posted Jun 4, 2013
Authored by Debasish Mandal

PEStudio version 3.69 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 894e7f4fc68a36429f7c80e4ae5b799448f3a8f2cf6a057e92074baaf53a4122
Telaen 1.3.0 XSS / Open Redirection / Disclosure
Posted Jun 4, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

Telaen versions 1.3.0 and below suffer from cross site scripting, open redirection, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2013-2621, CVE-2013-2623, CVE-2013-2624
SHA-256 | 5feb4207ecee4e46ec86c9e6ba15c68352eb1601695fd3a1d1125aa7fe8cfbb5
SSLsplit 0.4.6
Posted Jun 4, 2013
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This bugfix release fixes a bug in passthrough mode (-P) when no matching certificate is found for a connection (issue 9) and a bug in binding to ports less than 1024 with default settings (issue 8). Additionally, it works around a bug in OpenSSL 1.0.0k and 1.0.1e which caused a segmentation fault when loading certificates or keys.
tags | encryption
SHA-256 | 3143e1c71803d7c023db29134bb1a2f142de3ebaf7c35d5109204828ddb3b075
PHD Help Desk 2.12 SQL Injection
Posted Jun 4, 2013
Authored by drone

PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5bd6713ae091f3a88456a992a6a2c14fd6a5cd823bb577c71eac2b768737e167
Access Road 0.7.3
Posted Jun 4, 2013
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.

Changes: This major release improves the management of the user identity, the modeling of the structural relations, and the communications between the simulated software.
tags | tool
systems | linux, unix
SHA-256 | 3a8323727d389d763075b3fcd116e0a65ff044c84b953eb794d71d58ef587706
Seowonintech Routers Remote Root File Dumper
Posted Jun 4, 2013
Authored by Todor Donev

This exploit dumps an arbitrary file from the filesystem with root level permissions on Seowonintech routers with firmware less than and equal to 2.3.9.

tags | exploit, arbitrary, root
SHA-256 | a361e183bb4d71aeac2a13c018d683c22813b4cf4ffebf480914b8997082860a
Page 1 of 1

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By